| 871 | - | | - | - | xmldom is a pure JavaScript W3C standard-based (XML DOM Level 2 Core) `DOMParser` and `XMLSerializer` module. In @xmldom/xmldom prior to versions 0.9.10 and 0.8.13 and xmldom version 0.6.0 and prior,… | New | CWE-91 Blind XPath Injection | CVE-2026-41672 | 2026-05-8 01:16 | 2026-05-7 |
| 872 | 6.1 | MEDIUM Network | - | - | Admidio is an open-source user management solution. Prior to version 5.0.9, an unauthenticated attacker can execute arbitrary JavaScript in any Admidio user's browser through a reflected XSS in syste… | New | CWE-79 Cross-site Scripting | CVE-2026-41661 | 2026-05-8 01:16 | 2026-05-7 |
| 873 | 6.5 | MEDIUM Network | - | - | Admidio is an open-source user management solution. Prior to version 5.0.9, the ecard_preview.php endpoint does not validate that the ecard_template POST parameter is a safe filename before passing i… | New | CWE-22 Path Traversal | CVE-2026-41655 | 2026-05-8 01:16 | 2026-05-7 |
| 874 | 6.1 | MEDIUM Network | - | - | fast-xml-parser allows users to process XML from JS object without C/C++ based libraries or callbacks. Prior to version 5.7.0, XMLBuilder does not escape the "-->" sequence in comment content or the … | New | CWE-91 Blind XPath Injection | CVE-2026-41650 | 2026-05-8 01:16 | 2026-05-8 |
| 875 | 4.7 | MEDIUM Local | linux | linux_kernel | In the Linux kernel, the following vulnerability has been resolved: usb: gadget: u_ether: Fix race between gether_disconnect and eth_stop. A race condition between gether_disconnect() and eth_stop()… | Update | CWE-362 Race Condition | CVE-2026-31728 | 2026-05-8 01:16 | 2026-05-2 |
| 876 | - | | - | - | Incus is a system container and virtual machine manager. Prior to version 7.0.0, user provided image and backup tarballs would be unpacked and YAML files parsed without any size restrictions. This wa… | New | CWE-770 Allocation of Resources Without Limits or Throttling | CVE-2026-41648 | 2026-05-8 01:16 | 2026-05-7 |
| 877 | 9.6 | CRITICAL Network | - | - | Wish is an SSH server with defaults and a collection of middlewares. From version 2.0.0 to before version 2.0.1, the SCP middleware in charm.land/wish/v2 is vulnerable to path traversal attacks. A ma… | New | CWE-22 Path Traversal | CVE-2026-41589 | 2026-05-8 01:16 | 2026-05-7 |
| 878 | - | | - | - | Hyperledger Fabric is an enterprise-grade permissioned distributed ledger framework for developing solutions and applications. From versions 1.0.0 to 2.2.26, Channel.java implements readObject() and … | New | CWE-502 Deserialization of Untrusted Data | CVE-2026-41586 | 2026-05-8 01:16 | 2026-05-7 |
| 879 | 5.3 | MEDIUM Network | openclaw | openclaw | OpenClaw versions 2026.4.10 before 2026.4.14 contain a missing authorization vulnerability in the Microsoft Teams SSO invoke handler that fails to apply sender allowlist checks. Attackers can bypass … | Update | CWE-862 Missing Authorization | CVE-2026-43572 | 2026-05-8 01:03 | 2026-05-5 |
| 880 | 8.8 | HIGH Network | openclaw | openclaw | OpenClaw before 2026.4.10 contains a plugin trust bypass vulnerability that allows channel setup catalog lookups to resolve workspace plugin shadows before bundled channel plugins. Attackers can expl… | Update | CWE-829 Inclusion of Functionality from Untrusted Control Sphere | CVE-2026-43571 | 2026-05-8 01:03 | 2026-05-5 |